CVE-2022-30482
https://notcve.org/view.php?id=CVE-2022-30482
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters.
• https://github.com/APTX-4879/CVE
• https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30482.pdf
• https://github.com/creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-26613
https://notcve.org/view.php?id=CVE-2022-26613
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.
• https://github.com/harshitbansal373/PHP-CMS/issues/14
• https://github.com/harshitbansal373/PHP-CMS/issues/15
• https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-26613
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-41472
https://notcve.org/view.php?id=CVE-2021-41472
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/razormist
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-40909
https://notcve.org/view.php?id=CVE-2021-40909
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-10-09102021
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-26800
https://notcve.org/view.php?id=CVE-2021-26800
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account.
• https://gist.github.com/Kavisha3/59dac95b268f0d32eab53e659ab59311
• https://phpgurukul.com/user-management-system-in-php-using-stored-procedure
• CWE-352: Cross-Site Request Forgery (CSRF)